{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45744", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-22T15:48:03.435Z", "datePublished": "2024-04-17T12:55:48.462Z", "dateUpdated": "2024-08-28T15:02:45.372Z"}, "containers": {"cna": {"affected": [{"vendor": "Peplink", "product": "Smart Reader", "versions": [{"version": "v1.2.0 (in QEMU)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE", "cweId": "CWE-284"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-17T17:00:08.519Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866"}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256"}], "credits": [{"lang": "en", "value": "Discovered by Matt Wiseman of Cisco Talos."}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45744", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T19:39:57.674026Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:peplink:smart_reader:v1.2.0:*:*:*:*:*:*:*"], "vendor": "peplink", "product": "smart_reader", "versions": [{"status": "affected", "version": "v1.2.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:20:03.687Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866", "tags": ["x_transferred"]}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0006/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:45.372Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866", "tags": ["x_transferred"]}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0006/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:45.372Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45744", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T19:39:57.674026Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:peplink:smart_reader:v1.2.0:*:*:*:*:*:*:*"], "vendor": "peplink", "product": "smart_reader", "versions": [{"status": "affected", "version": "v1.2.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-23T19:39:02.623Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Matt Wiseman of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Peplink", "product": "Smart Reader", "versions": [{"status": "affected", "version": "v1.2.0 (in QEMU)"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866"}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256"}], "descriptions": [{"lang": "en", "value": "A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-17T17:00:08.519Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45744", "state": "PUBLISHED", "dateUpdated": "2024-08-28T15:02:45.372Z", "dateReserved": "2023-11-22T15:48:03.435Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-04-17T12:55:48.462Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de integridad de datos en la funcionalidad de la interfaz web /cgi-bin/upload_config.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede provocar una modificaci\u00f3n de la configuraci\u00f3n. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-45744", "lastModified": "2024-04-17T17:15:12.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "talos-cna@cisco.com", "type": "Primary"}]}, "published": "2024-04-17T13:15:07.827", "references": [{"source": "talos-cna@cisco.com", "url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256"}, {"source": "talos-cna@cisco.com", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}

{}